Many computing systems include a mode where instructions may be executed with high privileges. For example, some computer systems include a system management mode (SMM). In SMM, normal execution of instructions, including the operating system, is suspended while special separate instructions (e.g., firmware, etc.) can be executed with high privileges.
An operating system may cause the computer system to enter SMM to manipulate various operational parameters that may not be modifiable during normal operation. For example, the operating system may initiate SMM to overwrite a secure memory location, modify a low level password (e.g. BIOS password, etc.), modify power management functionality, enable or disable security features, manipulate hardware resources, or the like.
Due to the high privileges to which instructions executed during SMM have, SMM may be used to compromise a computer system, for example, as an entry point for a Rootkit, or other malicious software.